Total
29062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 4.3 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | ||||
| CVE-2018-0822 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-09-17 | N/A |
| NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | ||||
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2024-09-17 | 6.5 Medium |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | ||||
| CVE-2018-15395 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-17 | N/A |
| A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances. | ||||
| CVE-2020-4353 | 1 Ibm | 1 Maas360 | 2024-09-17 | 4.6 Medium |
| IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505. | ||||
| CVE-2013-4611 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page. | ||||
| CVE-2022-31770 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-09-17 | 4.9 Medium |
| IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. | ||||
| CVE-2021-35235 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-17 | 5.3 Medium |
| The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | ||||
| CVE-2021-27760 | 1 Hcltech | 1 Hcl Inotes | 2024-09-17 | 4.6 Medium |
| An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. | ||||
| CVE-2019-4656 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2024-09-17 | 6.5 Medium |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | ||||
| CVE-2017-1000483 | 1 Plone | 1 Plone | 2024-09-17 | N/A |
| Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. | ||||
| CVE-2021-29701 | 3 Ibm, Linux, Microsoft | 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more | 2024-09-17 | 4.3 Medium |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. | ||||
| CVE-2013-2366 | 1 Ibm | 1 Business Process Monitor | 2024-09-17 | N/A |
| Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. | ||||
| CVE-2018-0389 | 1 Cisco | 2 Spa514g, Spa514g Firmware | 2024-09-17 | N/A |
| A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier. | ||||
| CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2024-09-17 | 5.9 Medium |
| IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | ||||
| CVE-2020-12776 | 1 Openfind | 1 Mail2000 | 2024-09-17 | 6.6 Medium |
| Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. | ||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-09-17 | N/A |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2010-2710 | 1 Hp | 1 Openview Network Node Manager | 2024-09-17 | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2021-20433 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-09-17 | 6.5 Medium |
| IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345. | ||||
| CVE-2022-41853 | 3 Debian, Hsqldb, Redhat | 7 Debian Linux, Hypersql Database, Camel Spring Boot and 4 more | 2024-09-17 | 8 High |
| Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled. | ||||